## **CLAIMS**

## What is claimed is:

| 4 | 4 | A .             |             |
|---|---|-----------------|-------------|
| ľ |   | An apparatus    | comprising: |
| - |   | I III apparatas | Comprising. |

- 2 a configuration storage containing configuration parameters to configure an access
- 3 transaction generated by a processor having a normal execution mode and an isolated
- 4 execution mode, the access transaction having access information; and
- 5 an access checking circuit coupled to the configuration storage to check the access
- 6 transaction using at least one of the configuration parameters and the access information.
- 1 2. The apparatus of claim 1 wherein the configuration parameters include an 2 isolated setting and an execution mode word.
- 1 3. The apparatus of claim 2 wherein the access information comprises a
- 2 physical address and an access type, the access type indicating if the access transaction is
- 3 one of a memory access, an input/output access, and a logical processor access, the
- 4 physical address being one of a translation lookaside buffer (TLB) physical address from
- 5 a TLB and a front side bus (FSB) physical address from an FSB.
- 1 4. The apparatus of claim 3 wherein the configuration storage comprises:

- a setting storage to contain the isolated setting for defining an isolated memory
   area corresponding to a memory external to the processor.
- 1 5. The apparatus of claim 4 wherein the setting storage comprises:
- a base register, a mask register, and a length register to store a base value, a mask
- 3 value, and a length value, respectively, a combination of at least two of the base, mask,
- 4 and length values forming the isolated setting.
- 1 6. The apparatus of claim 5 wherein the configuration storage further 2 comprises:
- a processor control register to contain the execution mode word, the execution mode word being asserted when the processor is configured in the isolated execution mode.
- The apparatus of claim 6 wherein the access checking circuit comprises:
- TLB and FSB address detectors to detect if the TLB and FSB physical addresses
- 3 are within the isolated memory area defined by the isolated setting, TLB and FSB the
- 4 address detectors generating a processor isolated access signal and an FSB isolated access
- 5 signal, respectively.

| 1 | 8. The apparatus of claim 7 wherein the access checking circuit further                     |
|---|---------------------------------------------------------------------------------------------|
| 2 | comprises:                                                                                  |
| 3 | a snoop checking circuit coupled to a cache and the address detector to generate a          |
| 4 | processor snoop access signal.                                                              |
| 1 | 9. The apparatus of claim 8 wherein the snoop checking circuit comprises:                   |
| 2 | a snoop combiner to combine a cache access signal, the FSB isolated access                  |
| 3 | signal, and an external isolated access signal from another processor, the combined cache   |
| 4 | access signal, the processor isolated access signal and the external isolated access signal |
| 5 | corresponding to the processor snoop access signal.                                         |
| 1 | 10. The apparatus of claim 7 wherein the access checking circuit further                    |
| 2 | comprises:                                                                                  |
| 3 | an access grant generator coupled to the address detector and the processor control         |
| 4 | register to generate an access grant signal indicating if the access transaction is valid.  |

The apparatus of claim 7 wherein the logical processor access is one of a
 logical processor entry and a logical processor exit.

13

| 1  | 12. The apparatus of claim 11 wherein the access checking circuit comprises:             |  |  |
|----|------------------------------------------------------------------------------------------|--|--|
| 2  | a logical processor manager to manage a logical processor operation caused by the        |  |  |
| 3  | logical processor access.                                                                |  |  |
|    |                                                                                          |  |  |
|    |                                                                                          |  |  |
| 1  | 13. The apparatus of claim 12 wherein the logical processor manager                      |  |  |
| 2  | comprises:                                                                               |  |  |
| 2  |                                                                                          |  |  |
| 3  | a logical processor register to store a logical processor count indicating a number      |  |  |
| 4  | of logical processors currently enabled;                                                 |  |  |
| 5  | a logical processor state enabler to enable a logical processor state when the           |  |  |
| 6  | logical processor access is valid;                                                       |  |  |
|    |                                                                                          |  |  |
| 7  | a logical processor updater coupled to the logical processor register to update the      |  |  |
| 8  | logical processor count according to the logical processor access, the logical processor |  |  |
| 9  | updater being enabled by the enabled logical processor state;                            |  |  |
|    |                                                                                          |  |  |
| 10 | a minimum detector coupled to the logical processor register to determine if the         |  |  |
| 11 | logical processor count is equal to a minimum logical processor value; and               |  |  |
|    | $\cdot$                                                                                  |  |  |

a maximum detector coupled to the logical processor register to determine if the

logical processor count exceeds a maximum logical processor value.

2

3

4

5

- 1 14. The apparatus of claim 13 wherein the logical processor updater initializes 2 the logical processor register when there is no enabled logical processor.
  - 15. The apparatus of claim 14 wherein the logical processor updater updates the logical processor count in a first direction when the access transaction corresponds to the logical processor entry, and updates the logical processor count in a second direction opposite to the first direction when the access transaction corresponds to the logical processor exit.
  - 16. A method comprising:
- configuring an access transaction generated by a processor by a configuration storage containing configuration parameters, the processor having a normal execution mode and an isolated execution mode, the access transaction having access information; and
- 6 checking the access transaction by an access checking circuit using at least one of 7 the configuration parameters and the access information.
- 1 17. The method of claim 16 wherein the configuration parameters include an 2 isolated setting and an execution mode word.

| 1 | 18. The method of claim 17 wherein the access information comprises a                        |
|---|----------------------------------------------------------------------------------------------|
| 2 | physical address and an access type, the access type indicating if the access transaction is |
| 3 | one of a memory access, an input/output access, and a logical processor access, the          |
| 4 | physical address being one of a translation lookaside buffer (TLB) physical address from     |
| 5 | a TLB and a front side bus (FSB) physical address from an FSB.                               |

- 1 19. The method of claim 18 wherein configuring the access transaction 2 comprises:
- defining an isolated memory area corresponding to a memory external to the processor by the isolated setting contained in a setting storage.
- 1 20. The method of claim 19 wherein defining the isolated memory area 2 comprises:
- forming the isolated setting by a combination of at least two of a base value, a
  mask value, and a length value stored in a base register, a mask register, and a length
  register, respectively.
- 1 21. The method of claim 20 wherein configuring the access transaction further 2 comprises:

042390.P8112 31 Patent Application

2

respectively.

comprises:

- asserting the execution mode word stored in a processor control register when the
   processor is configured in the isolated execution mode.
- 1 22. The method of claim 21 wherein checking the access transaction 2 comprises:
- detecting if the TLB and FSB physical addresses are within the isolated memory
  area defined by the isolated setting by TLB and FSB address detectors, respectively, the
  TLB and FSB address detectors generating processor and FSB isolated access signals,
- 1 23. The method of claim 22 wherein checking the access transaction further
- 3 generating a processor snoop access signal by a snoop checking circuit.
- 1 24. The method of claim 23 wherein generating the processor snoop access 2 signal comprises:
- combining a cache access signal, the FSB isolated access signal, and an external isolated access signal from another processor by a snoop combiner, the combined cache access signal, the processor isolated access signal and the external isolated access signal corresponding to the processor snoop access signal.

042390.P8112 32 Patent Application

| 1 | 25.            | The method of claim 22 wherein checking the access transaction further           |
|---|----------------|----------------------------------------------------------------------------------|
| 2 | comprises:     |                                                                                  |
| 3 | gener          | ating an access grant signal indicating if the access transaction is valid by an |
| 4 | access grant g | generator.                                                                       |
|   |                |                                                                                  |

- 1 26. The method of claim 22 wherein the logical processor access is one of a logical processor entry and a logical processor exit.
- The method of claim 26 wherein checking the access transaction comprises:
- managing a logical processor operation caused by the logical processor access by

  a logical processor manager.
- 1 28. The method of claim 27 wherein managing the logical processor operation 2 comprises:
- storing a logical processor count indicating a number of logical processors
   currently enabled in a logical processor register;
- enabling a logical processor state when the logical processor access is valid by a logical processor state enabler;

042390.P8112 33 Patent Application

updating the logical processor count according to the logical processor access by a logical processor updater, the logical processor updater being enabled by the enabled logical processor state;

determining if the logical processor count is equal to a minimum logical processor value by a minimum detector; and

determining if the logical processor count exceeds a maximum logical processor value by a maximum detector.

- 1 29. The method of claim 28 wherein updating the logical processor count 2 comprises:
- initializing the logical processor register when there is no enabled logical
   processor.
- 1 30. The method of claim 29 wherein updating the logical processor count 2 comprises:
- updating the logical processor count in a first direction when the access
   transaction corresponds to the logical processor entry; and
- 5 updating the logical processor count in a second direction opposite to the first 6 direction when the access transaction corresponds to the logical processor exit.
- 1 31. A system comprising:

2

3

4

| 2  | a chipset;                                                                             |
|----|----------------------------------------------------------------------------------------|
| 3  | a memory coupled to the chipset having an isolated memory area; and                    |
| 4  | a processor coupled to the chipset and the memory having an access manager, the        |
| 5  | processor having a normal execution mode and an isolated execution mode, the processor |
| 6  | generating an access transaction having access information, the access manager         |
| 7  | comprising:                                                                            |
|    |                                                                                        |
| 8  | a configuration storage containing configuration parameters to                         |
| 9  | configure the access transaction, and                                                  |
|    |                                                                                        |
| 10 | an access checking circuit coupled to the configuration storage to                     |
| 11 | check the access transaction using at least one of the configuration                   |
| 12 | parameters and the access information.                                                 |
|    |                                                                                        |
|    |                                                                                        |
|    |                                                                                        |

- 1 32. The system of claim 31 wherein the configuration parameters include an isolated setting and an execution mode word.
  - 33. The system of claim 32 wherein the access information comprises a physical address and an access type, the access type indicating if the access transaction is one of a memory access, an input/output access, and a logical processor access, the physical address being one of a translation lookaside buffer (TLB) physical address from a TLB and a front side bus (FSB) physical address from an FSB.

| 1 | 34.      | The system of claim 33 wherein the configuration storage comprises:        |  |
|---|----------|----------------------------------------------------------------------------|--|
| 2 | a settir | ng storage to contain the isolated setting for defining the isolated memor |  |

3 area.

- 1 35. The system of claim 34 wherein the setting storage comprises:
- a base register, a mask register, and a length register to store a base value, a mask
- 3 value, and a length value, respectively, a combination of at least two of the base, mask,
- 4 and length values forming the isolated setting.
- 1 36. The system of claim 35 wherein the configuration storage further 2 comprises:
- a processor control register to contain the execution mode word, the execution mode word being asserted when the processor is configured in the isolated execution mode.
- 1 37. The system of claim 36 wherein the access checking circuit comprises:
- 2 TLB and FSB address detectors to detect if the TLB and FSB physical addresses
- 3 are within the isolated memory area defined by the isolated setting, respectively, the TLB

042390.P8112 36 Patent Application

- 4 and FSB address detectors generating a processor isolated access signal and an FSB
- 5 isolated access signal, respectively.
- 1 38. The system of claim 37 wherein the access checking circuit further
- 2 comprises:
- a snoop checking circuit coupled to a cache and the address detector to generate a
- 4 processor snoop access signal.
- 1 39. The system of claim 38 wherein the snoop checking circuit comprises:
- a snoop combiner to combine a cache access signal, the FSB isolated access
- 3 signal, and an external isolated access signal from another processor, the combined cache
- 4 access signal, the processor isolated access signal and the external isolated access signal
- 5 corresponding to the processor snoop access signal.
- 1 40. The system of claim 37 wherein the access checking circuit further
- 2 comprises:
- an access grant generator coupled to the address detector and the processor control
- 4 register to generate an access grant signal indicating if the access transaction is valid.
- 1 41. The system of claim 37 wherein the logical processor access is one of a
- 2 logical processor entry and a logical processor exit.

- 1 42. The system of claim 41 wherein the access checking circuit comprises:
- 2 a logical processor manager to manage a logical processor operation caused by the
- 3 logical processor access.
- 1 43. The system of claim 42 wherein the logical processor manager comprises:
- 2 a logical processor register to store a logical processor count indicating a number
- 3 of logical processors currently enabled;
- a logical processor state enabler to enable a logical processor state when the
- 5 logical processor access is valid;
- a logical processor updater coupled to the logical processor register to update the
- 7 logical processor count according to the logical processor access, the logical processor
- 8 updater being enabled by the enabled logical processor state;
- 9 a minimum detector coupled to the logical processor register to determine if the
- 10 logical processor count is equal to a minimum logical processor value; and
- a maximum detector coupled to the logical processor register to determine if the
- 12 logical processor count exceeds a maximum logical processor value.
- 1 44. The system of claim 43 wherein the logical processor updater initializes
- 2 the logical processor register when there is no enabled logical processor.

- 1 45. The system of claim 44 wherein the logical processor updater updates the 2 logical processor count in a first direction when the access transaction corresponds to the 3 logical processor entry, and updates the logical processor count in a second direction 4 opposite to the first direction when the access transaction corresponds to the logical 5 processor exit.
- 1 46. A computer program product comprising:
- 2 a machine readable medium having computer program code embodied therein, the 3 computer program product having:
- 4 computer readable program code for configuring an access transaction generated by a processor by a configuration storage containing configuration parameters, the 6 processor having a normal execution mode and an isolated execution mode, the access 7 transaction having access information; and
- 8 computer readable program code for checking the access transaction by an access 9 checking circuit using at least one of the configuration parameters and the access 10 information.
- 1 47. The computer program product of claim 46 wherein the configuration 2 parameters include an isolated setting and an execution mode word.

- 1 48. The computer program product of claim 47 wherein the access information 2 comprises a physical address and an access type, the access type indicating if the access 3 transaction is one of a memory access, an input/output access, and a logical processor 4 access, the physical address being one of a translation lookaside buffer (TLB) physical 5 address from a TLB and a front side bus (FSB) physical address from an FSB.
- 1 49. The computer program product of claim 48 wherein the computer readable program code for configuring the access transaction comprises:
- computer readable program code for defining an isolated memory area

  corresponding to a memory external to the processor by the isolated setting contained in a

  setting storage.
- 1 50. The computer program product of claim 49 wherein the computer readable 2 program code for defining the isolated memory area comprises:
- computer readable program code for forming the isolated setting by a combination of at least two of a base value, a mask value, and a length value stored in a base register, a mask register, and a length register, respectively.
- 1 51. The computer program product of claim 50 wherein the computer readable 2 program code for configuring the access transaction further comprises:

- computer readable program code for asserting the execution mode word stored in a processor control register when the processor is configured in the isolated execution mode.
- 1 52. The computer program product of claim 51 wherein the computer readable program code for checking the access transaction comprises:
- computer readable program code for detecting if the TLB and FSB physical
  addresses are within the isolated memory area defined by the isolated setting by TLB and
  FSB address detectors, respectively, the TLB and FSB address detectors generating
  processor and FSB isolated access signals, respectively.
- 1 53. The computer program product of claim 52 wherein the computer readable program code for checking the access transaction further comprises:
- computer readable program code for generating a processor snoop access signal
   by a snoop checking circuit.
  - 54. The computer program product of claim 53 wherein the computer readable program code for generating the processor snoop access signal comprises:
- computer readable program code for combining a cache access signal, the FSB isolated access signal, and an external isolated access signal from another processor by a snoop combiner, the combined cache access signal, the processor isolated access signal

- and the external isolated access signal corresponding to the processor snoop access
   signal.
- 1 55. The computer program product of claim 52 wherein the computer readable 2 program code for checking the access transaction further comprises:
- 3 computer readable program code for generating an access grant signal indicating
- 4 if the access transaction is valid by an access grant generator.
- 1 56. The computer program product of claim 52 wherein the logical processor
- 2 access is one of a logical processor entry and a logical processor exit.
- The computer program product of claim 56 wherein the computer readable program code for checking the access transaction comprises:
- 3 computer readable program code for managing a logical processor operation
- 4 caused by the logical processor access by a logical processor manager.
- 1 58. The computer program product of claim 57 wherein the computer readable
- 2 program code for managing the logical processor operation comprises:
- 3 computer readable program code for storing a logical processor count indicating a
- 4 number of logical processors currently enabled in a logical processor register;

- 5 computer readable program code for enabling a logical processor state when the 6 logical processor access is valid by a logical processor state enabler; 7 computer readable program code for updating the logical processor count 8 according to the logical processor access by a logical processor updater, the logical 9 processor updater being enabled by the enabled logical processor state; 10 computer readable program code for determining if the logical processor count is 11 equal to a minimum logical processor value by a minimum detector; and 12 computer readable program code for determining if the logical processor count 13 exceeds a maximum logical processor value by a maximum detector. 1 59. The computer program product of claim 58 wherein the computer readable
- computer readable program code for initializing the logical processor register
  when there is no enabled logical processor.

program code for updating the logical processor count comprises:

- 1 60. The computer program product of claim 59 wherein the computer readable 2 program code for updating the logical processor count comprises:
- computer readable program code for updating the logical processor count in a first direction when the access transaction corresponds to the logical processor entry; and

- 5 computer readable program code for updating the logical processor count in a
- 6 second direction opposite to the first direction when the access transaction corresponds to
- 7 the logical processor exit.